Malware Analysis Report

2024-09-09 17:33

Sample ID 240613-nv2f6a1epp
Target a55b2ed02490254f92796a1b32607e10_JaffaCakes118
SHA256 9b810cd2c0fd928830a3365c83bb51ebbb8755d8dcc01e331244bf47a7a81dea
Tags
discovery evasion persistence
score
7/10


Analysis Overview


Threat Level: Shows suspicious behavior

The file a55b2ed02490254f92796a1b32607e10_JaffaCakes118 was found to show suspicious behavior.

Malicious Activity Summary

discovery evasion persistence

Loads dropped Dex/Jar

Queries information about active data network

Requests dangerous framework permissions

Queries the unique device ID (IMEI, MEID, IMSI)

Registers a broadcast receiver at runtime (usually for listening for system events)

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-13 11:43

Signatures

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-13 11:43

Reported

2024-06-13 11:47

Platform

android-x64-arm64-20240611.1-en

Max time kernel

178s

Max time network

171s

Command Line

com.myapp

Signatures

Loads dropped Dex/Jar

evasion
Description | Indicator | Process | Target
N/A | /data/user/0/com.myapp/cache/DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 | N/A | N/A
N/A | /data/user/0/com.myapp/cache/DA39A3EE5E6B4B0D3255BFEF95601890AFD80709!classes2.dex | N/A | N/A

Queries information about active data network

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Processes

com.myapp

Network

Country | Destination | Domain | Proto
GB | 142.250.187.206:443 | N/A | tcp
GB | 142.250.187.206:443 | N/A | tcp
N/A | 224.0.0.251:5353 | N/A | udp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
GB | 172.217.169.8:443 | ssl.google-analytics.com | tcp
US | 1.1.1.1:53 | api.jetrohe.pw | udp
IE | 34.246.200.160:443 | api.jetrohe.pw | tcp
GB | 142.250.179.228:443 | N/A | tcp
GB | 142.250.179.228:443 | N/A | tcp
GB | 216.58.201.110:443 | N/A | tcp
GB | 142.250.179.226:443 | N/A | tcp

Files

/data/user/0/com.myapp/cache/DA39A3EE5E6B4B0D3255BFEF95601890AFD80709

MD5 ec4d46c643c29ee1367bf791e701ada2
SHA1 820d491b682ef5ea4634a73fef5987d00c276150
SHA256 a1874afbe0441c906eaaebc03f9a7a647729c6e9e75a7cdb34bef7742438e0b4
SHA512 4d351ab5365bbfcb01abebf9176d6ceb21f6cb56532412485d90524ea3f39207635bae8e4382bdd37959532b672ca249b2084529c8641109a6ff1c4f5a8f36a7

/data/user/0/com.myapp/cache/DA39A3EE5E6B4B0D3255BFEF95601890AFD80709

MD5 6eef034d5ac3da6c619cddfb20df2e81
SHA1 1529d69d265f50717c1bf9ae7546b2a80831588a
SHA256 930ec1fe7ff09ef6c66fda123e868d5e7989689fa17d1833e5a04716d296a6cc
SHA512 ffe20e767be04cde31942228b939788edf0c0c89138b43703b983ffd05ad32350a762bc78410aa1e9e7a59cf0b3f05112001c1254e9ac0544cd9a4d9fe641d76

/data/user/0/com.myapp/cache/DA39A3EE5E6B4B0D3255BFEF95601890AFD80709!classes2.dex

MD5 f2bdd37bca225c125cb8cdf59e8b70d3
SHA1 8744919e45d714b2ba75ef286eb3f20795e4bb78
SHA256 9cab997e28849d98c628e9fc572ca29036b166c77d3e935ee492d565a303f5ae
SHA512 67fdc6a1466ed8953c5ed409a2b810904d8351a3279043bc48fd6cb5290ba77bb732af7cc854b73948c26241a25f7de6acd6c90a1554d18e01aa91667e089768

/storage/emulated/0/Google/google.id

MD5 e76e30708ebff27860163c4b7553bfc1
SHA1 4bc4f9849df5080d9846f1a75003a4a3018f42b5
SHA256 5a9c6a71bdefe4f0e400a52426733e507d3698ce8ce50e243a0cfcd9b9d0a360
SHA512 dc8c2281054a8709699caf2e8dc706a0838f3fc60abd6b843e5743849c90b38327a63b073d36c11e30675d5cbc90bbb6561d05798a0caa1afeba5842c6d42119

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 11:43

Reported

2024-06-13 11:47

Platform

android-x86-arm-20240611.1-en

Max time kernel

178s

Max time network

131s

Command Line

com.myapp

Signatures

Loads dropped Dex/Jar

evasion
Description | Indicator | Process | Target
N/A | /data/user/0/com.myapp/cache/DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 | N/A | N/A
N/A | /data/user/0/com.myapp/cache/DA39A3EE5E6B4B0D3255BFEF95601890AFD80709!classes2.dex | N/A | N/A

Queries information about active data network

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Processes

com.myapp

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | N/A | udp
US | 1.1.1.1:53 | api.jetrohe.pw | udp
IE | 34.246.200.160:443 | api.jetrohe.pw | tcp
GB | 142.250.187.206:443 | N/A | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.187.238:443 | android.apis.google.com | tcp
GB | 216.58.212.202:443 | N/A | tcp

Files

/data/data/com.myapp/cache/DA39A3EE5E6B4B0D3255BFEF95601890AFD80709

MD5 ec4d46c643c29ee1367bf791e701ada2
SHA1 820d491b682ef5ea4634a73fef5987d00c276150
SHA256 a1874afbe0441c906eaaebc03f9a7a647729c6e9e75a7cdb34bef7742438e0b4
SHA512 4d351ab5365bbfcb01abebf9176d6ceb21f6cb56532412485d90524ea3f39207635bae8e4382bdd37959532b672ca249b2084529c8641109a6ff1c4f5a8f36a7

/data/user/0/com.myapp/cache/DA39A3EE5E6B4B0D3255BFEF95601890AFD80709

MD5 6eef034d5ac3da6c619cddfb20df2e81
SHA1 1529d69d265f50717c1bf9ae7546b2a80831588a
SHA256 930ec1fe7ff09ef6c66fda123e868d5e7989689fa17d1833e5a04716d296a6cc
SHA512 ffe20e767be04cde31942228b939788edf0c0c89138b43703b983ffd05ad32350a762bc78410aa1e9e7a59cf0b3f05112001c1254e9ac0544cd9a4d9fe641d76

/data/user/0/com.myapp/cache/DA39A3EE5E6B4B0D3255BFEF95601890AFD80709!classes2.dex

MD5 f2bdd37bca225c125cb8cdf59e8b70d3
SHA1 8744919e45d714b2ba75ef286eb3f20795e4bb78
SHA256 9cab997e28849d98c628e9fc572ca29036b166c77d3e935ee492d565a303f5ae
SHA512 67fdc6a1466ed8953c5ed409a2b810904d8351a3279043bc48fd6cb5290ba77bb732af7cc854b73948c26241a25f7de6acd6c90a1554d18e01aa91667e089768

/storage/emulated/0/Google/google.id

MD5 b35134b09bea6043d421edf5452d84d7
SHA1 f8901f1055f29907397d25263f2037ad0c4f46d4
SHA256 5ddbb57603ce07777a0fb724c8eb10f434cbc7d64b5619668f9b985c0826c318
SHA512 bd2198d0c548b5bddbfe2ca4114915ea7f206d62464b23ff2de2634221b0b248537f36c3daf478a36b61428e4dfdeaa3288ad0bbdd1ca402479e30ace0247ecb

/data/data/com.myapp/cache/oat/DA39A3EE5E6B4B0D3255BFEF95601890AFD80709.cur.prof

MD5 145cdbd4d96f464f125f9fe298c996a1
SHA1 ef053a66385e09aa3488671d8987f662510ea136
SHA256 2b42e9d5eab9e087ef000fdd9d7119623c82918024da397c6df250d8b5127749
SHA512 3078422d2fe781b27d23409330d8f53929ba0ca0644857288f57e50e9482f39ad03f5d637809754464702a89300b641374f8032139a0868775fe7ffe3860380c

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 11:43

Reported

2024-06-13 11:47

Platform

android-x64-20240611.1-en

Max time kernel

178s

Max time network

148s

Command Line

com.myapp

Signatures

Loads dropped Dex/Jar

evasion
Description | Indicator | Process | Target
N/A | /data/user/0/com.myapp/cache/DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 | N/A | N/A
N/A | /data/user/0/com.myapp/cache/DA39A3EE5E6B4B0D3255BFEF95601890AFD80709!classes2.dex | N/A | N/A

Queries information about active data network

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Processes

com.myapp

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | N/A | udp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
GB | 216.58.212.200:443 | ssl.google-analytics.com | tcp
GB | 142.250.178.10:443 | N/A | tcp
US | 1.1.1.1:53 | api.jetrohe.pw | udp
IE | 34.246.200.160:443 | api.jetrohe.pw | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 216.58.201.110:443 | android.apis.google.com | tcp
GB | 216.58.213.14:443 | N/A | tcp
GB | 142.250.178.14:443 | N/A | tcp
GB | 216.58.201.98:443 | N/A | tcp
GB | 142.250.179.228:443 | N/A | tcp
GB | 142.250.179.228:443 | N/A | tcp

Files

/data/data/com.myapp/cache/DA39A3EE5E6B4B0D3255BFEF95601890AFD80709

MD5 ec4d46c643c29ee1367bf791e701ada2
SHA1 820d491b682ef5ea4634a73fef5987d00c276150
SHA256 a1874afbe0441c906eaaebc03f9a7a647729c6e9e75a7cdb34bef7742438e0b4
SHA512 4d351ab5365bbfcb01abebf9176d6ceb21f6cb56532412485d90524ea3f39207635bae8e4382bdd37959532b672ca249b2084529c8641109a6ff1c4f5a8f36a7

/data/user/0/com.myapp/cache/DA39A3EE5E6B4B0D3255BFEF95601890AFD80709

MD5 6eef034d5ac3da6c619cddfb20df2e81
SHA1 1529d69d265f50717c1bf9ae7546b2a80831588a
SHA256 930ec1fe7ff09ef6c66fda123e868d5e7989689fa17d1833e5a04716d296a6cc
SHA512 ffe20e767be04cde31942228b939788edf0c0c89138b43703b983ffd05ad32350a762bc78410aa1e9e7a59cf0b3f05112001c1254e9ac0544cd9a4d9fe641d76

/data/user/0/com.myapp/cache/DA39A3EE5E6B4B0D3255BFEF95601890AFD80709!classes2.dex

MD5 f2bdd37bca225c125cb8cdf59e8b70d3
SHA1 8744919e45d714b2ba75ef286eb3f20795e4bb78
SHA256 9cab997e28849d98c628e9fc572ca29036b166c77d3e935ee492d565a303f5ae
SHA512 67fdc6a1466ed8953c5ed409a2b810904d8351a3279043bc48fd6cb5290ba77bb732af7cc854b73948c26241a25f7de6acd6c90a1554d18e01aa91667e089768

/storage/emulated/0/Google/google.id

MD5 78526364c6e0921ab18631072ed01820
SHA1 2c111ba6821c7f0f2026011d01542966e6825989
SHA256 d0d829c801d27d9a0581bda09f427c199c5ad1a291357ae44786f5f82fb57e40
SHA512 bc6db9f277aaaef1d1b515c306b6bfbf5781b20692166627ce9d931329b630ef4b7fe7ed6fc5c9e92aaa7b834be4b3a36cd2674137aaceb18f492b296f86d48e